Mozilla Firefox joins Google Chrome in Rejecting Entrust SSL/TLS Certificates

Following Google Chrome’s decision earlier this year to distrust Entrust’s SSL/TLS Certificates, Mozilla Firefox has reached a verdict that it too, will no longer accept Entrust’s root certificates in Firefox from November 30th, 2024.

Entrust’s Market Share

Several sources indicate that Entrust has only a small share of the certificate market, which is true when assessing random samples of millions of websites. However, it is clear that Entrust has a large share of the enterprise market, with 10% of the Fortune 500 utilizing their certificates to protect their main website. What does this mean for Entrust’s users? With Google setting a revocation date for October 31st, and Mozilla Firefox, November 30th, enterprises will not have long to make a decision. Even before Mozilla’s decision, Entrust released a press statement with SSL.com, announcing that their new joint setup would allow for a “seamless transition”. This is good news then, for Entrust, but the announcements begs the question of the big picture market share for SSL/TLS Certificates.

The Rise of Automated, Free, SSL/TLS Certificates

SSL/TLS Certificate competitors have been feeling the squeeze over the last 10 years with the rise of “Let’s Encrypt”, which supports free and automated SSL/TLS certificates to encrypt the internet. Let’s Encrypt now secures over 13% of the Fortune 500, and over half of the world’s websites, including this one. Despite competitors offering certificates including Organizational Validation (OV) and Extended Validation (EV), EV has been sidelined for a few years now, and verification requires some technical know-how by the user to accurately verify the company against potential imposters. Sponsored by Google, Amazon Web Services (AWS), Meta (Facebook), Cisco, Akamai, IBM, and many others, Let’s Encrypt will likely continue to grow well beyond its 50% market share.

What about BIMI?

Brand Indicators for Message Identification allows companies to incorporate a verified trademark logo next to the subject line in a user’s inbox, improving professional appearance, with the aim of decreasing phishing risk. To this day, only two certification authorities are able to issue BIMI-grade certificates, DigiCert, and Entrust. It is as of yet unclear as to whether these certificates of Entrust will also be distrusted in the future, but it throws the future of BIMI into peril, with only 5% of the Fortune 500 having adopted it, adoption may be further stalled should DigiCert become the sole provider of such certificates. As of right now, of the 5% of the Fortune 500 that have adopted BIMI, the market is split 50-50 between Entrust and DigiCert. Such standards typically receive high levels of adoption, when multiple providers of the service exist, for example, the 100+ root certificates trusted by browsers.